diff --git a/keystone/backends/kvs.py b/keystone/backends/kvs.py
index 5e3d00fc21..c67eac05ea 100644
--- a/keystone/backends/kvs.py
+++ b/keystone/backends/kvs.py
@@ -115,48 +115,48 @@ class KvsIdentity(object): self.update_metadata(user_id, tenant_id, metadata_ref) # CRUD - def create_user(self, id, user): - self.db.set('user-%s' % id, user) + def create_user(self, user_id, user): + self.db.set('user-%s' % user_id, user) self.db.set('user_name-%s' % user['name'], user) user_list = set(self.db.get('user_list', [])) - user_list.add(id) + user_list.add(user_id) self.db.set('user_list', list(user_list)) return user - def update_user(self, id, user): + def update_user(self, user_id, user): # get the old name and delete it too - old_user = self.db.get('user-%s' % id) + old_user = self.db.get('user-%s' % user_id) self.db.delete('user_name-%s' % old_user['name']) - self.db.set('user-%s' % id, user) + self.db.set('user-%s' % user_id, user) self.db.set('user_name-%s' % user['name'], user) return user - def delete_user(self, id): - old_user = self.db.get('user-%s' % id) + def delete_user(self, user_id): + old_user = self.db.get('user-%s' % user_id) self.db.delete('user_name-%s' % old_user['name']) - self.db.delete('user-%s' % id) + self.db.delete('user-%s' % user_id) user_list = set(self.db.get('user_list', [])) - user_list.remove(id) + user_list.remove(user_id) self.db.set('user_list', list(user_list)) return None - def create_tenant(self, id, tenant): - self.db.set('tenant-%s' % id, tenant) + def create_tenant(self, tenant_id, tenant): + self.db.set('tenant-%s' % tenant_id, tenant) self.db.set('tenant_name-%s' % tenant['name'], tenant) return tenant - def update_tenant(self, id, tenant): + def update_tenant(self, tenant_id, tenant): # get the old name and delete it too - old_tenant = self.db.get('tenant-%s' % id) + old_tenant = self.db.get('tenant-%s' % tenant_id) self.db.delete('tenant_name-%s' % old_tenant['name']) - self.db.set('tenant-%s' % id, tenant) + self.db.set('tenant-%s' % tenant_id, tenant) self.db.set('tenant_name-%s' % tenant['name'], tenant) return tenant - def delete_tenant(self, id): - old_tenant = 
self.db.get('tenant-%s' % id) + def delete_tenant(self, tenant_id): + old_tenant = self.db.get('tenant-%s' % tenant_id) self.db.delete('tenant_name-%s' % old_tenant['name']) - self.db.delete('tenant-%s' % id) + self.db.delete('tenant-%s' % tenant_id) return None def create_metadata(self, user_id, tenant_id, metadata): @@ -171,21 +171,21 @@ class KvsIdentity(object): self.db.delete('metadata-%s-%s' % (tenant_id, user_id)) return None - def create_role(self, id, role): - self.db.set('role-%s' % id, role) + def create_role(self, role_id, role): + self.db.set('role-%s' % role_id, role) role_list = set(self.db.get('role_list', [])) - role_list.add(id) + role_list.add(role_id) self.db.set('role_list', list(role_list)) return role - def update_role(self, id, role): - self.db.set('role-%s' % id, role) + def update_role(self, role_id, role): + self.db.set('role-%s' % role_id, role) return role - def delete_role(self, id): - self.db.delete('role-%s' % id) + def delete_role(self, role_id): + self.db.delete('role-%s' % role_id) role_list = set(self.db.get('role_list', [])) - role_list.remove(id) + role_list.remove(role_id) self.db.set('role_list', list(role_list)) return None @@ -199,15 +199,15 @@ class KvsToken(object): self.db = db # Public interface - def get_token(self, id): - return self.db.get('token-%s' % id) + def get_token(self, token_id): + return self.db.get('token-%s' % token_id) - def create_token(self, id, data): - self.db.set('token-%s' % id, data) + def create_token(self, token_id, data): + self.db.set('token-%s' % token_id, data) return data - def delete_token(self, id): - return self.db.delete('token-%s' % id) + def delete_token(self, token_id): + return self.db.delete('token-%s' % token_id) class KvsCatalog(object): 
@@ -228,21 +228,21 @@ class KvsCatalog(object): def list_services(self): return self.db.get('service_list', []) - def create_service(self, id, service): - self.db.set('service-%s' % id, service) + def create_service(self, service_id, service): + self.db.set('service-%s' % service_id, service) service_list = set(self.db.get('service_list', [])) - service_list.add(id) + service_list.add(service_id) self.db.set('service_list', list(service_list)) return service - def update_service(self, id, service): - self.db.set('service-%s' % id, service) + def update_service(self, service_id, service): + self.db.set('service-%s' % service_id, service) return service - def delete_service(self, id): - self.db.delete('service-%s' % id) + def delete_service(self, service_id): + self.db.delete('service-%s' % service_id) service_list = set(self.db.get('service_list', [])) - service_list.remove(id) + service_list.remove(service_id) self.db.set('service_list', list(service_list)) return None diff --git a/keystone/backends/sql/core.py b/keystone/backends/sql/core.py index e6862c1f03..c17f991284 100644 --- a/keystone/backends/sql/core.py +++ b/keystone/backends/sql/core.py @@ -347,7 +347,7 @@ class SqlIdentity(SqlBase): self.create_metadata(user_id, tenant_id, metadata_ref) # CRUD - def create_user(self, id, user): + def create_user(self, user_id, user): session = self.get_session() with session.begin(): user_ref = User.from_dict(user) @@ -355,10 +355,10 @@ class SqlIdentity(SqlBase): session.flush() return user_ref.to_dict() - def update_user(self, id, user): + def update_user(self, user_id, user): session = self.get_session() with session.begin(): - user_ref = session.query(User).filter_by(id=id).first() + user_ref = session.query(User).filter_by(id=user_id).first() old_user_dict = user_ref.to_dict() for k in user: old_user_dict[k] = user[k] 
@@ -369,14 +369,14 @@ class SqlIdentity(SqlBase): session.flush() return user_ref - def delete_user(self, id): + def delete_user(self, user_id): session = self.get_session() - user_ref = session.query(User).filter_by(id=id).first() + user_ref = session.query(User).filter_by(id=user_id).first() with session.begin(): session.delete(user_ref) session.flush() - def create_tenant(self, id, tenant): + def create_tenant(self, tenant_id, tenant): session = self.get_session() with session.begin(): tenant_ref = Tenant.from_dict(tenant) @@ -384,10 +384,10 @@ class SqlIdentity(SqlBase): session.flush() return tenant_ref.to_dict() - def update_tenant(self, id, tenant): + def update_tenant(self, tenant_id, tenant): session = self.get_session() with session.begin(): - tenant_ref = session.query(Tenant).filter_by(id=id).first() + tenant_ref = session.query(Tenant).filter_by(id=tenant_id).first() old_tenant_dict = tenant_ref.to_dict() for k in tenant: old_tenant_dict[k] = tenant[k] @@ -398,9 +398,9 @@ class SqlIdentity(SqlBase): session.flush() return tenant_ref - def delete_tenant(self, id): + def delete_tenant(self, tenant_id): session = self.get_session() - tenant_ref = session.query(Tenant).filter_by(id=id).first() + tenant_ref = session.query(Tenant).filter_by(id=tenant_id).first() with session.begin(): session.delete(tenant_ref) session.flush() 
@@ -432,25 +432,25 @@ class SqlIdentity(SqlBase): self.db.delete('metadata-%s-%s' % (tenant_id, user_id)) return None - def create_role(self, id, role): + def create_role(self, role_id, role): session = self.get_session() with session.begin(): session.add(Role(**role)) session.flush() return role - def update_role(self, id, role): + def update_role(self, role_id, role): session = self.get_session() with session.begin(): - role_ref = session.query(Role).filter_by(id=id).first() + role_ref = session.query(Role).filter_by(id=role_id).first() for k in role: role_ref[k] = role[k] session.flush() return role_ref - def delete_role(self, id): + def delete_role(self, role_id): session = self.get_session() - role_ref = session.query(Role).filter_by(id=id).first() + role_ref = session.query(Role).filter_by(id=role_id).first() with session.begin(): session.delete(role_ref) diff --git a/keystone/bufferedhttp.py b/keystone/bufferedhttp.py index fdb35ee657..769a9b8bf3 100644 --- a/keystone/bufferedhttp.py +++ b/keystone/bufferedhttp.py @@ -1,3 +1,5 @@ +# vim: tabstop=4 shiftwidth=4 softtabstop=4 + # Copyright (c) 2010-2011 OpenStack, LLC. # # Licensed under the Apache License, Version 2.0 (the "License"); diff --git a/keystone/catalog.py b/keystone/catalog.py index 6ad348e5b9..8382108d1f 100644 --- a/keystone/catalog.py +++ b/keystone/catalog.py 
@@ -1,30 +1,12 @@ # vim: tabstop=4 shiftwidth=4 softtabstop=4 -# the catalog interfaces - from keystone import config -from keystone import utils +from keystone import manager CONF = config.CONF -class Manager(object): +class Manager(manager.Manager): def __init__(self): - self.driver = utils.import_object(CONF.catalog.driver) - - def get_catalog(self, context, user_id, tenant_id, metadata=None): - """Return info for a catalog if it is valid.""" - return self.driver.get_catalog(user_id, tenant_id, metadata=metadata) - - def get_service(self, context, service_id): - return self.driver.get_service(service_id) - - def list_services(self, context): - return self.driver.list_services() - - def create_service(self, context, service_id, data): - return self.driver.create_service(service_id, data) - - def delete_service(self, context, service_id): - return self.driver.delete_service(service_id) + super(Manager, self).__init__(CONF.catalog.driver) diff --git a/keystone/config.py b/keystone/config.py index c99a6aff19..6cbc1571b8 100644 --- a/keystone/config.py +++ b/keystone/config.py @@ -1,4 +1,5 @@ # vim: tabstop=4 shiftwidth=4 softtabstop=4 + import gettext import logging import sys diff --git a/keystone/identity.py b/keystone/identity.py index 60bada9f3f..6ef8298a6a 100644 --- a/keystone/identity.py +++ b/keystone/identity.py 
@@ -1,105 +1,12 @@ -# these will be the basic data types for tenants and users -# backends will make use of them to return something that conforms to their -# apis +# vim: tabstop=4 shiftwidth=4 softtabstop=4 from keystone import config -from keystone import utils +from keystone import manager CONF = config.CONF -class Manager(object): - def __init__(self): - self.driver = utils.import_object(CONF.identity.driver) - - def authenticate(self, context, **kwargs): - """Passthru authentication to the identity driver. - - This call will basically just result in getting a token. - """ - return self.driver.authenticate(**kwargs) - - def get_user(self, context, user_id): - return self.driver.get_user(user_id) - - def get_user_by_name(self, context, user_name): - return self.driver.get_user_by_name(user_name) - - def get_tenant(self, context, tenant_id): - return self.driver.get_tenant(tenant_id) - - def get_tenant_by_name(self, context, tenant_name): - return self.driver.get_tenant_by_name(tenant_name) - - def get_metadata(self, context, user_id, tenant_id): - return self.driver.get_metadata(user_id, tenant_id) - - def get_role(self, context, role_id): - return self.driver.get_role(role_id) - - # NOTE(termie): i think it will probably be a bad move in the end to try to - # list all users - def list_users(self, context): - return self.driver.list_users() - - def list_roles(self, context): - return self.driver.list_roles() - - # These should probably be the high-level API calls - def add_user_to_tenant(self, context, user_id, tenant_id): - self.driver.add_user_to_tenant(user_id, tenant_id) - - def remove_user_from_tenant(self, context, user_id, tenant_id): - self.driver.remove_user_from_tenant(user_id, tenant_id) - - def get_tenants_for_user(self, context, user_id): - return self.driver.get_tenants_for_user(user_id) - - def get_roles_for_user_and_tenant(self, context, user_id, tenant_id): - return self.driver.get_roles_for_user_and_tenant(user_id, tenant_id) - - def 
add_role_to_user_and_tenant(self, context, user_id, tenant_id, role_id): - return self.driver.add_role_to_user_and_tenant(user_id, tenant_id, role_id) - - def remove_role_from_user_and_tenant(self, context, user_id, - tenant_id, role_id): - return self.driver.remove_role_from_user_and_tenant( - user_id, tenant_id, role_id) - - # CRUD operations - def create_user(self, context, user_id, data): - return self.driver.create_user(user_id, data) - - def update_user(self, context, user_id, data): - return self.driver.update_user(user_id, data) - - def delete_user(self, context, user_id): - return self.driver.delete_user(user_id) - - def create_tenant(self, context, tenant_id, data): - return self.driver.create_tenant(tenant_id, data) - - def update_tenant(self, context, tenant_id, data): - return self.driver.update_tenant(tenant_id, data) - - def delete_tenant(self, context, tenant_id): - return self.driver.delete_tenant(tenant_id) - - def create_metadata(self, context, user_id, tenant_id, data): - return self.driver.create_metadata(user_id, tenant_id, data) - - def update_metadata(self, context, user_id, tenant_id, data): - return self.driver.update_metadata(user_id, tenant_id, data) - - def delete_metadata(self, context, user_id, tenant_id): - return self.driver.delete_metadata(user_id, tenant_id) - - def create_role(self, context, role_id, data): - return self.driver.create_role(role_id, data) - - def update_role(self, context, role_id, data): - return self.driver.update_role(role_id, data) - - def delete_role(self, context, role_id): - return self.driver.delete_role(role_id) +class Manager(manager.Manager): + def __init__(self): + super(Manager, self).__init__(CONF.identity.driver) diff --git a/keystone/manager.py b/keystone/manager.py new file mode 100644 index 0000000000..566d2a23ba --- /dev/null +++ b/keystone/manager.py 
@@ -0,0 +1,23 @@ +# vim: tabstop=4 shiftwidth=4 softtabstop=4 + +import functools + +from keystone import config +from keystone import utils + + +class Manager(object): + def __init__(self, driver_name): + self.driver = utils.import_object(driver_name) + + def __getattr__(self, name): + # NOTE(termie): context is the first argument, we're going to strip + # that for now, in the future we'll probably do some + # logging and whatnot in this class + f = getattr(self.driver, name) + + @functools.wraps(f) + def _wrapper(context, *args, **kw): + return f(*args, **kw) + setattr(self, name, _wrapper) + return _wrapper diff --git a/keystone/policy.py b/keystone/policy.py index f5c3c6d4c5..f41f54ad78 100644 --- a/keystone/policy.py +++ b/keystone/policy.py @@ -1,18 +1,12 @@ # vim: tabstop=4 shiftwidth=4 softtabstop=4 -# the catalog interfaces - from keystone import config -from keystone import utils +from keystone import manager CONF = config.CONF -class Manager(object): +class Manager(manager.Manager): def __init__(self): - self.driver = utils.import_object(CONF.policy.driver) - - def can_haz(self, context, target, credentials): - """Check whether the given creds can perform action on target.""" - return self.driver.can_haz(target, credentials) + super(Manager, self).__init__(CONF.policy.driver) diff --git a/keystone/service.py b/keystone/service.py index b194e267e1..dc666dc6c3 100644 --- a/keystone/service.py +++ b/keystone/service.py @@ -368,6 +368,7 @@ class TokenController(Application): that will return a token that is scoped to that tenant. """ + token_id = uuid.uuid4().hex if 'passwordCredentials' in auth: username = auth['passwordCredentials'].get('username', '') password = auth['passwordCredentials'].get('password', '') 
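Review bot: `__getattr__` forwards every attribute name to the driver, so the manager no longer bounds which driver members are reachable: underscore-prefixed names and plain data attributes (the KVS drivers in this commit keep their store on `self.db`) are looked up and wrapped exactly like API methods, where the removed Manager classes in catalog.py, identity.py, policy.py and token.py listed each call explicitly. I would reject non-public names before the lookup, `if name.startswith('_'): raise AttributeError(name)`, and wrap only when `callable(f)`. That check also keeps the dunder probes made by copy or pickle, on an instance whose `__init__` has not run, from recursing through `self.driver`. The wrapper drops `context` before calling the driver, so per-request logging or authorisation has to happen in the controllers until this class grows it, which deserves a line in a class docstring; `config` is imported here but unused in the lines shown.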
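Review bot: `token_id = uuid.uuid4().hex` at the top of the service.py hunk needs `uuid` to be imported in that module, and no such import is visible in this diff; if service.py does not already have it, every authenticate request fails with NameError. The value is the bearer credential that clients present later, so a short comment saying so would help, e.g. `# token_id is the bearer secret: must be unpredictable, never log it`. uuid4 is documented as a random UUID rather than as a security token generator, so it is worth confirming that the interpreter in use draws it from the OS random source. The enclosing method starts and ends outside the hunk.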
@@ -394,10 +395,11 @@ class TokenController(Application): password=password, tenant_id=tenant_id) token_ref = self.token_api.create_token( - context, dict(expires='', - user=user_ref, - tenant=tenant_ref, - metadata=metadata_ref)) + context, token_id, dict(expires='', + id=token_id, + user=user_ref, + tenant=tenant_ref, + metadata=metadata_ref)) if tenant_ref: catalog_ref = self.catalog_api.get_catalog( context=context, @@ -446,10 +448,11 @@ class TokenController(Application): catalog_ref = {} token_ref = self.token_api.create_token( - context, dict(expires='', - user=user_ref, - tenant=tenant_ref, - metadata=metadata_ref)) + context, token_id, dict(expires='', + id=token_id, + user=user_ref, + tenant=tenant_ref, + metadata=metadata_ref)) # TODO(termie): optimize this call at some point and put it into the # the return for metadata @@ -625,18 +628,18 @@ class TenantController(Application): tenant_ref['id'] = tenant_id tenant = self.identity_api.create_tenant( - context, tenant_id=tenant_id, data=tenant_ref) + context, tenant_id, tenant_ref) return {'tenant': tenant} def update_tenant(self, context, tenant_id, tenant): self.assert_admin(context) tenant_ref = self.identity_api.update_tenant( - context, tenant_id=tenant_id, data=tenant) + context, tenant_id, tenant) return {'tenant': tenant_ref} def delete_tenant(self, context, tenant_id, **kw): self.assert_admin(context) - self.identity_api.delete_tenant(context, tenant_id=tenant_id) + self.identity_api.delete_tenant(context, tenant_id) def get_tenant_users(self, context, **kw): self.assert_admin(context) diff --git a/keystone/token.py b/keystone/token.py index 194767bc8a..0657f8fac9 100644 --- a/keystone/token.py +++ b/keystone/token.py 
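Review bot: Both `create_token` calls (the hunk at -394,10 and the one at -446,10) store `expires=''`, so the token record carries no expiry value; unless something outside this diff enforces a lifetime, an issued token stays valid until it is deleted. Setting an explicit expiry timestamp when the dict is built, and rejecting expired records on the token lookup path, would bound the window in which a leaked token is usable. The id is now passed twice, as the positional `token_id` and as `id=token_id` inside the dict; a comment that the two must stay equal would guard against a later edit changing only one. The enclosing method starts and ends outside both hunks.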
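Review bot: The tenant calls in the hunk at -625,18 switch to positional arguments because the new `Manager.__getattr__` wrapper passes keywords straight to the driver, whose parameters are `tenant_id, tenant` rather than `tenant_id, data`; any other caller that still passes `data=...` to a manager method will raise TypeError at request time. Only the three tenant calls are updated in this diff, so the remaining create and update calls in service.py should be checked for the same keyword (they are not visible here). `self.assert_admin(context)` still precedes each call, which matters more now that the manager layer discards `context`.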
@@ -1,31 +1,12 @@ # vim: tabstop=4 shiftwidth=4 softtabstop=4 -# the token interfaces - -import uuid - from keystone import config -from keystone import logging -from keystone import utils +from keystone import manager CONF = config.CONF -class Manager(object): +class Manager(manager.Manager): def __init__(self): - self.driver = utils.import_object(CONF.token.driver) - - def create_token(self, context, data): - token = uuid.uuid4().hex - data['id'] = token - token_ref = self.driver.create_token(token, data) - return token_ref - - @logging.log_debug - def get_token(self, context, token_id): - """Return info for a token if it is valid.""" - return self.driver.get_token(token_id) - - def delete_token(self, context, token_id): - self.driver.delete_token(token_id) + super(Manager, self).__init__(CONF.token.driver)
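Review bot: With the explicit `create_token` removed, the token manager accepts whatever `token_id` its caller supplies, and the KVS driver in this commit writes `'token-%s' % token_id` without checking for an existing entry, so uniqueness and unpredictability of token ids now rest entirely on each caller. A class comment stating that contract would make it visible, e.g. `# callers must pass a freshly generated random token_id; ids are bearer credentials`. The removed `get_token` carried `@logging.log_debug`; if debug tracing is reintroduced in the generic manager, it should not record token ids.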